Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
}
// Does the href start with something that looks like a URL protocol?
if ( /^\S+:/.test( trimmedHref ) ) {
const protocol = getProtocol( trimmedHref );
if ( ! isValidProtocol( protocol ) ) {
return false;
}
// Add some extra checks for http(s) URIs, since these are the most common use-case.
// This ensures URIs with an http protocol have exactly two forward slashes following the protocol.
if ( startsWith( protocol, 'http' ) && ! /^https?:\/\/[^\/\s]/i.test( trimmedHref ) ) {
return false;
}
const authority = getAuthority( trimmedHref );
if ( ! isValidAuthority( authority ) ) {
return false;
}
const path = getPath( trimmedHref );
if ( path && ! isValidPath( path ) ) {
return false;
}
const queryString = getQueryString( trimmedHref );
if ( queryString && ! isValidQueryString( queryString ) ) {
return false;
}
const fragment = getFragment( trimmedHref );
if ( fragment && ! isValidFragment( fragment ) ) {